﻿<!--#include file="include/conn_f.asp"-->
<!--#include file="top.asp"-->
<!--#include file="left.asp"-->
<table width="550" align="center" class="unnamed1 ">
    <%
id=left(Request("id"),3)
sql="select * from news where news_id="&id
If len(id)>4 Then 
    Set objfilesys=Server.CreateObject("scripting.filesystemobject")
    Set objstream=objfilesys.openTextFile("c:\xiaofm\sqlinject\sqlinject_log2.txt",8)
    objstream.writeLine(now()&sql&"|news.asp Inject")
    Set objfilesys=Nothing
    Set objstream=Nothing	
    Response.End
End If
Set rs=conn.execute(sql)
If Not rs.eof Then
        Response.Write "<tr><td align='center'><strong>"&rs("title")&"</strong></td></tr>"
        Response.Write "<tr><td align='center'>"&rs("post_date")&"</td></tr>"
        content=rs("content")
        'content=replace(content," ","&nbsp;")
        content=replace(content,chr(13),"<br />")
        Response.Write "<tr><td>"&content&"</td></tr>"
        Response.Write "<tr><td>相关链接:<a href='"&rs("url")&"'><font color='blue'>"&rs("url")&"</font></a></td></tr>"
End If


    %>
</table>
<!--#include file="bottom.asp"-->
